Advisories » MGASA-2015-0316

Updated x11-server packages fix security vulnerability

Publication date: 21 Aug 2015
Modification date: 21 Aug 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-3164

Description

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the
server in non-authenticating mode, which allows local users to read from or
send information to arbitrary X11 clients via vectors involving a UNIX socket
(CVE-2015-3164).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16182
• http://lists.x.org/archives/xorg-announce/2015-June/002611.html
• http://lists.opensuse.org/opensuse-updates/2015-06/msg00044.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3164

SRPMS

5/core

• x11-server-1.16.4-2.1.mga5